"It's never good to scare away your customers. It's even worse if you don't realize you're doing it. That was me. Like most folks in the developer community, it's been years since I last used Internet Explorer as my daily browser. Oh sure, we all keep copies around for web development work, but Firefox, Chrome, and Safari now rule the web roost. Unfortunately, that was not the case with the Blurity userbase." Wise lesson from Jeff Keacher.

I want her to be fearless with her computer, and all the scary false positives with IE will be a great training ground for recklessly ignoring pointless, panic-inducing signage.

LOL, I would say those pointless, panic-inducing dialogs might be a lawsuit waiting to happen. If I were a developer releasing commercial software, and then found out IE was flagging my software as possibly being harmful, thereby causing users to abandon the installation and probably costing me money, I would be pretty pissed. I mean, this could not even really be considered as a false positive.

LOL, I would say those pointless, panic-inducing dialogs might be a lawsuit waiting to happen.

The scary thing is how easy it is to get rid of those, just sign your executable! O_o What's to stop malware authors and similar from signing their executables and thus avoiding SmartScreen? Heck, how many times has it already happened?

I've had for some time this feeling that software signing really only benefits the signing companies who make people pay for the privilege. The failures of Comodo and DigiNotar go to show what centralized signing authorities are actually worth, but I'm sure that Microsoft must make tons of money by having people pay for the privilege of disabling scary warnings...

A measure need not be technically foolproof to be useful. From a game theory standpoint, the certificate requirement will disproportionately affect malware authors.

Once a certificate is blacklisted, all other malware signed with the certificate will also get blocked. Thus, malware authors only have a limited time window in which to reuse a certificate before it becomes invalid. They essentially have to buy a new certificate every few malware strains released.

Contrast this to the present situation, in which they can release as many variants as they want, for free. Even when one of the strains is detected, the antivirus signature may not block the other strains.

In contrast, non-malware software publishers only need to buy one certificate for all their software -- every release, every hotfix.